Galaxy, is a free site for finding, downloading, and sharing community developed roles. Downloading roles from Galaxy is
a great way to jumpstart your automation projects.

You can also use the site to share roles that you create. By authenticating with the site using your GitHub account, you’re able to import roles, making
them available to the Ansible community. Imported roles become available in the Galaxy search index and visible on the site, allowing users to
discover and download them.

The ansible-galaxy command comes bundled with Ansible, and you can use it to install roles from Galaxy or directly from a git based SCM. You can
also use it to create a new role, remove roles, or perform tasks on the Galaxy website.

The command line tool by default communicates with the Galaxy website API using the server address https://galaxy.ansible.com. Since the Galaxy project
is an open source project, you may be running your own internal Galaxy server and wish to override the default server address. You can do this using the –server option
or by setting the Galaxy server value in your ansible.cfg file. For information on setting the value in ansible.cfg visit Galaxy Settings.

Be aware that by default Ansible downloads roles to the path specified by the environment variable ANSIBLE_ROLES_PATH. This can be set to a series of
directories (i.e. /etc/ansible/roles:~/.ansible/roles), in which case the first writable path will be used. When Ansible is first installed it defaults
to /etc/ansible/roles, which requires root privileges.

You can override this by setting the environment variable in your session, defining roles_path in an ansible.cfg file, or by using the –roles-path option.
The following provides an example of using –roles-path to install the role into the current working directory:

Beginning with Ansible 1.8 it is possible to install multiple roles by including the roles in a requirements.yml file. The format of the file is YAML, and the
file extension must be either .yml or .yaml.

Use the following command to install roles included in requirements.yml:

$ ansible-galaxy install -r requirements.yml

Again, the extension is important. If the .yml extension is left off, the ansible-galaxy CLI assumes the file is in an older, now deprecated,
“basic” format.

Each role in the file will have one or more of the following attributes:

src

The source of the role. Use the format username.role_name, if downloading from Galaxy; otherwise, provide a URL pointing
to a repository within a git based SCM. See the examples below. This is a required attribute.

scm

Specify the SCM. As of this writing only git or hg are supported. See the examples below. Defaults to git.

version:

The version of the role to download. Provide a release tag value, commit hash, or branch name. Defaults to master.

name:

Download the role to a specific name. Defaults to the Galaxy name when downloading from Galaxy, otherwise it defaults
to the name of the repository.

Use the following example as a guide for specifying roles in requirements.yml:

# from galaxy-src:yatesr.timezone# from GitHub-src:https://github.com/bennojoy/nginx# from GitHub, overriding the name and specifying a specific tag-src:https://github.com/bennojoy/nginxversion:mastername:nginx_role# from a webserver, where the role is packaged in a tar.gz-src:https://some.webserver.example.com/files/master.tar.gzname:http-role# from Bitbucket-src:git+http://bitbucket.org/willthames/git-ansible-galaxyversion:v1.4# from Bitbucket, alternative syntax and caveats-src:http://bitbucket.org/willthames/hg-ansible-galaxyscm:hg# from GitLab or other git-based scm-src:[email protected]:mygroup/ansible-base.gitscm:gitversion:"0.1"# quoted, so YAML doesn't parse this as a floating-point value

Roles can also be dependent on other roles, and when you install a role that has dependencies, those dependencies will automatically be installed.

You specify role dependencies in the meta/main.yml file by providing a list of roles. If the source of a role is Galaxy, you can simply specify the role in
the format username.role_name. The more complex format used in requirements.yml is also supported, allowing you to provide src, scm, version, and name.

Tags are inherited down the dependency chain. In order for tags to be applied to a role and all its dependencies, the tag should be applied to the role, not to all the tasks within a role.

Roles listed as dependencies are subject to conditionals and tag filtering, and may not execute fully depeneding on
what tags and conditinoals are applied.

When dependencies are encountered by ansible-galaxy, it will automatically install each dependency to the roles_path. To understand how dependencies are handled during play execution, see Roles.

Note

At the time of this writing, the Galaxy website expects all role dependencies to exist in Galaxy, and therefore dependencies to be specified in the
username.role_name format. If you import a role with a dependency where the src value is a URL, the import process will fail.

If a directory matching the name of the role already exists in the current working directory, the init command will result in an error. To ignore the error
use the –force option. Force will create the above subdirectories and files, replacing anything that matches.

If you are creating a Container Enabled role, use the –container-enabled option. This will create the same directory structure as above, but populate it
with default files appropriate for a Container Enabled role. For instance, the README.md has a slightly different structure, the .travis.yml file tests
the role using Ansible Container, and the meta directory includes a container.yml file.

Using the import, delete and setup commands to manage your roles on the Galaxy website requires authentication, and the login command
can be used to do just that. Before you can use the login command, you must create an account on the Galaxy website.

The login command requires using your GitHub credentials. You can use your username and password, or you can create a personal access token. If you choose to create a token, grant minimal access to the token, as it is used just to verify identify.

The following shows authenticating with the Galaxy website using a GitHub username and password:

$ ansible-galaxy loginWe need your GitHub login to identify you.This information will not be sent to Galaxy, only to api.github.com.The password will not be displayed.Use --github-token if you do not want to enter your password.Github Username:dsmithPassword for dsmith:Successfully logged into Galaxy as dsmith

When you choose to use your username and password, your password is not sent to Galaxy. It is used to authenticates with GitHub and create a personal access token.
It then sends the token to Galaxy, which in turn verifies that your identity and returns a Galaxy access token. After authentication completes the GitHub token is
destroyed.

If you do not wish to use your GitHub password, or if you have two-factor authentication enabled with GitHub, use the –github-token option to pass a personal access token
that you create.

The delete command requires that you first authenticate using the login command. Once authenticated you can remove a role from the Galaxy web site. You are only allowed
to remove roles where you have access to the repository in GitHub.

Use the following to delete a role:

$ ansible-galaxy delete github_user github_repo

This only removes the role from Galaxy. It does not remove or alter the actual GitHub repository.

You can create an integration or connection between a role in Galaxy and Travis. Once the connection is established, a build in Travis will
automatically trigger an import in Galaxy, updating the search index with the latest information about the role.

You create the integration using the setup command, but before an integration can be created, you must first authenticate using the login command; you will
also need an account in Travis, and your Travis token. Once you’re ready, use the following command to create the integration:

The setup command requires your Travis token, however the token is not stored in Galaxy. It is used along with the GitHub username and repo to create a hash as described
in the Travis documentation. The hash is stored in Galaxy and used to verify notifications received from Travis.

The setup command enables Galaxy to respond to notifications. To configure Travis to run a build on your repository and send a notification, follow the
Travis getting started guide.

To instruct Travis to notify Galaxy when a build completes, add the following to your .travis.yml file: